CVE-2019-0384

Summary

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Treasury and Risk Management (S4CORE)< 1.01affected
SAP SESAP Treasury and Risk Management (S4CORE)< 1.02affected
SAP SESAP Treasury and Risk Management (S4CORE)< 1.03affected
SAP SESAP Treasury and Risk Management (S4CORE)< 1.04affected
SAP SESAP Treasury and Risk Management (EA-FINSERV)< 6.0affected
SAP SESAP Treasury and Risk Management (EA-FINSERV)< 6.03affected
SAP SESAP Treasury and Risk Management (EA-FINSERV)< 6.04affected
SAP SESAP Treasury and Risk Management (EA-FINSERV)< 6.05affected
SAP SESAP Treasury and Risk Management (EA-FINSERV)< 6.06affected
SAP SESAP Treasury and Risk Management (EA-FINSERV)< 6.16affected
SAP SESAP Treasury and Risk Management (EA-FINSERV)< 6.17affected
SAP SESAP Treasury and Risk Management (EA-FINSERV)< 6.18affected
SAP SESAP Treasury and Risk Management (EA-FINSERV)< 8.0affected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References